Today we’re concluding our tour of the AtlasCamp 2010 videos with three great talks: Big Module Plugins; Securing Your Plugin; and Using Advanced Javascript in Atlassian Plugins. Last week we saw videos on marketing a commercial plugin, performance for Jira plugins, and the Atlassian Platform. Happy holidays, and see you at AtlasCamp 2011! Details aren’t planned yet, but follow @atlascamp to get updates.
Big Modular Plugins – John Kodumal
John shows how to create modular Atlassian plugins, or plugins that are imported, depended on, and required by other plugins. Highlights include:
- Plugins can use Java libraries for shared and extended functionality
- Plugins can talk to other plugins with component-import
- Custom permissions provide control for plugin integration with PermissionEnforcer.java
Securing Your Plugin – Penny Wyatt
Penny gives a comprehensive view of potential security vulnerabilities in Atlassian plugins, with examples and solutions for each one. Highlights include:
- Use HTML encoding whenever displaying user data to avoid XSS hacks. Atlassian products provide functions for HTML encoding
- XSRF vulnerabilities are also possible; avoid them by using limited-duration tokens issued by the server
- Confluence has a WebSudo mode, which requires an administrative password to perform an action
- Files can be executed and modified, so be sure to limit administrators and users to isolated directories on the server
- Use java.security.SecureRandom for secure random number generation
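
The XSRF-token and SecureRandom points above, combined in one added example (not code from the talk or from any Atlassian product): a JDK-only, server-side token store. The class name `XsrfTokenStore`, the 30-minute lifetime, the session ids and the timestamp are assumptions made for illustration; it needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (JDK only), not an Atlassian API: per-session XSRF tokens with an expiry.
public class XsrfTokenStore {
    private record Issued(byte[] value, Instant expires) {}

    private static final SecureRandom RNG = new SecureRandom(); // CSPRNG, not java.util.Random
    private final Map<String, Issued> bySession = new ConcurrentHashMap<>();
    private final Duration lifetime;

    public XsrfTokenStore(Duration lifetime) { this.lifetime = lifetime; }

    // Issue a fresh 256-bit token for this session; the page embeds it in a hidden form field.
    public String issue(String sessionId, Instant now) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        bySession.put(sessionId,
                new Issued(token.getBytes(StandardCharsets.US_ASCII), now.plus(lifetime)));
        return token;
    }

    // Accept a state-changing request only if the submitted token matches and has not expired.
    public boolean verify(String sessionId, String submitted, Instant now) {
        Issued issued = bySession.get(sessionId);
        if (issued == null || submitted == null) return false;
        if (!now.isBefore(issued.expires())) { // limited duration: reject and forget stale tokens
            bySession.remove(sessionId);
            return false;
        }
        // Constant-time comparison so response timing does not reveal how many bytes matched.
        return MessageDigest.isEqual(issued.value(), submitted.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        XsrfTokenStore store = new XsrfTokenStore(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2010-12-20T10:00:00Z"); // constructed timestamp
        String token = store.issue("session-A", t0);        // constructed session id
        System.out.println("valid:   " + store.verify("session-A", token, t0.plusSeconds(60)));
        System.out.println("forged:  " + store.verify("session-A", "forged", t0.plusSeconds(60)));
        System.out.println("other:   " + store.verify("session-B", token, t0.plusSeconds(60)));
        System.out.println("expired: " + store.verify("session-A", token, t0.plusSeconds(3600)));
    }
}
```
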
Needs More jQuery: Using Advanced Javascript in Atlassian Plugins – Zach Davis
Zach talks about user interface development in Atlassian plugins, specifically recommending AUI as the best approach. He also shows us why Atlassian chose jQuery as its JavaScript framework. Highlights include:
- The Atlassian User Interface (AUI) is based on jQuery
- AUI allows a plugin developer to create consistent UI components: dropdowns, toolbars, dialogs, and more
- AUI provides functions for keyboard shortcuts
- Learn more about AUI with the Atlassian User Interface Documentation